Lucene search
+L

72 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-45275

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec function without sandboxing, input...

9.9CVSS6.9AI score
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-40501

Cherry Studio versions 1.2.2–1.9.12 contain a remote code execution vulnerability in the SearchService due to a nodeIntegration misconfiguration. When an Electron BrowserWindow is created with nodeIntegration enabled and contextIsolation disabled, control over search provider content (provided by...

8.8CVSS6.7AI score0.00438EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-7871

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS0.00386EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 8:17 p.m.3 views

CVE-2026-7871

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS6.3AI score
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:14 p.m.6 views

EUVD-2026-40382

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:14 p.m.26 views

CVE-2026-7871

CVE-2026-7871 affects IBM Langflow OSS 1.0.0–1.10.0. A deserialization flaw in the Redis cache backend allows attackers with Redis access to execute arbitrary code with full application privileges, compromising secrets, data, and system integrity. IBM notes the issue arises from unsafe deserializ...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53948

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Users with access to Redis can execute arbitrary code with full application privileges. This allows for the compromise of all secrets, data, and system integrity. Recommendations At th...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 8:0 p.m.13 views

EUVD-2026-36555

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS5.6AI score0.00164EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.15 views

CVE-2026-44883

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References1
NVD
NVD
added 2026/05/28 10:16 p.m.17 views

CVE-2026-44883

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

7.7CVSS0.00316EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 8:59 p.m.13 views

EUVD-2026-33059

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.20 views

PT-2026-41143

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description The authentication middleware accepts JSON Web Tokens JWT...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References14
EUVD
EUVD
added 2026/01/26 5:39 p.m.10 views

EUVD-2026-4681

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an...

8.7CVSS5.9AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.6 views

SnapGear Management Console SG560 跨站请求伪造漏洞

SnapGear Management Console SG560 is a versatile network security gateway from SnapGear. The SnapGear Management Console SG560 suffers from a cross-site request forgery vulnerability that stems from susceptibility to a cross-site request forgery attack that could result in the creation of a new...

8.8CVSS6.7AI score0.00231EPSS
Exploits2References5
NVD
NVD
added 2025/12/09 9:15 p.m.8 views

CVE-2021-47730

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...

8.8CVSS0.00221EPSS
Exploits1References5
NVD
NVD
added 2025/12/02 2:16 p.m.6 views

CVE-2025-41086

Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...

6.9CVSS0.00187EPSS
Exploits0References2
CVE
CVE
added 2025/12/02 1:22 p.m.18 views

CVE-2025-41086

The CVE-2025-41086 affects GAMS licensing: the licensing system validator uses an insecure checksum algorithm, allowing an attacker who knows the checksum method and license-line format to recompute a valid checksum and forge licenses. This enables unlimited valid licenses, bypassing usage restri...

6.9CVSS6.5AI score0.00187EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/02 1:22 p.m.12 views

CVE-2025-41086 Authorization bypass in GAMS from GAMS Development Corp.

Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...

6.9CVSS0.00187EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.6 views

KeeneticOS 安全漏洞

KeeneticOS is an operating system from the German company Keenetic. A security vulnerability exists in KeeneticOS versions prior to 4.3, which stems from the presence of cross-site scripting on the Wireless ISP page that could allow an attacker to add a user with full privileges and take over the...

6.1CVSS6AI score0.00225EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/23 12:0 a.m.13 views

CVE-2025-56007

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

0.00313EPSS
Exploits1References3
Rows per page
Query Builder